docx-processor
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from Microsoft Word files, creating a potential surface for indirect prompt injection.
- Ingestion points: Document content is read and extracted in
scripts/read_docx.pyandscripts/convert_docx.py. - Boundary markers: None identified; extracted text and table data are returned directly to the agent context without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can read local files and write converted output to the
/tmp/openskills-converteddirectory. It does not have network access or arbitrary command execution capabilities. - Sanitization: None; document content is extracted and processed as raw text.
Audit Metadata